sshd: backport upstream fix for SSHD-1231
SSHD-1231[1] may lead to exceptions when trying to authenticate first with an RSA key that is rejected by the server. The upstream fix is a one-liner but unfortunately didn't make it into Apache MINA sshd 2.8.0. Incorporate the upstream fix in JGitPublicKeyAuthentication, and add a test case for this. [1] https://issues.apache.org/jira/browse/SSHD-1231 Bug: 577545 Change-Id: Ia744cd4aa569bccd937c855f3bb45c0116915bad Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
This commit is contained in:
parent
709087c582
commit
4c555f0742
|
@ -107,6 +107,32 @@ public void testEd25519HostKey() throws Exception {
|
|||
"IdentityFile " + privateKey1.getAbsolutePath());
|
||||
}
|
||||
|
||||
/**
|
||||
* Test for SSHD-1231. If authentication is attempted first with an RSA key,
|
||||
* which is rejected, and then with some other key type (here ed25519),
|
||||
* authentication fails in bug SSHD-1231.
|
||||
*
|
||||
* @throws Exception
|
||||
* on errors
|
||||
* @see <a href=
|
||||
* "https://issues.apache.org/jira/browse/SSHD-1231">SSHD-1231</a>
|
||||
*/
|
||||
@Test
|
||||
public void testWrongKeyFirst() throws Exception {
|
||||
File userKey = new File(getTemporaryDirectory(), "userkey");
|
||||
copyTestResource("id_ed25519", userKey);
|
||||
File publicKey = new File(getTemporaryDirectory(), "userkey.pub");
|
||||
copyTestResource("id_ed25519.pub", publicKey);
|
||||
server.setTestUserPublicKey(publicKey.toPath());
|
||||
cloneWith("ssh://git/doesntmatter", defaultCloneDir, null, //
|
||||
"Host git", //
|
||||
"HostName localhost", //
|
||||
"Port " + testPort, //
|
||||
"User " + TEST_USER, //
|
||||
"IdentityFile " + privateKey1.getAbsolutePath(), // RSA
|
||||
"IdentityFile " + userKey.getAbsolutePath());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testHashedKnownHosts() throws Exception {
|
||||
assertTrue("Failed to delete known_hosts", knownHosts.delete());
|
||||
|
|
|
@ -108,4 +108,18 @@ public PublicKeyIdentity next() {
|
|||
};
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
protected PublicKeyIdentity resolveAttemptedPublicKeyIdentity(
|
||||
ClientSession session, String service) throws Exception {
|
||||
PublicKeyIdentity result = super.resolveAttemptedPublicKeyIdentity(
|
||||
session, service);
|
||||
// This fixes SSHD-1231. Can be removed once we're using Apache MINA
|
||||
// sshd > 2.8.0.
|
||||
//
|
||||
// See https://issues.apache.org/jira/browse/SSHD-1231
|
||||
currentAlgorithms.clear();
|
||||
return result;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue